KB5031442 is the cumulative update for Windows Server 2012. It was released on 10th October 2023 under the ‘Patch Tuesday’ program of Microsoft.
Salient points
- KB5031442 is the monthly rollup update for Windows Server 2012 and supersedes the KB5030278 update.
- KB5030278 is the monthly rollup update for September 2023. It was released on 12 September 2023. You can read more about KB5030278 on this page.
- KB5031442 also includes all changes that are part of the KB5031427 security update for Windows Server 2012.
- We suggest preferring KB5031442 over the KB5031427 security update. This is because KB5031442 is cumulative in nature. KB5031427 is a standalone security only update.
- KB5031469 is the Servicing Stack Update that corresponds to KB5031442 and KB5031427. The SSU was released on 10 October 2023. You need to deploy KB5031469 prior to installing the KB5031442 monthly rollup update.
- 60 security vulnerabilities affect Windows Server 2012.
- There are 11 CRITICAL security vulnerabilities that affect Windows Server 2012. You can read more about these in the vulnerabilities section.
- Two zero-day vulnerabilities affect Windows Server 2012. These threats have been discussed in the vulnerabilities section below.
- The issue with language packs continues to affect Windows Server 2012. If you install a language pack after installing KB5031442 or KB5031427, you will need to re-install the KB55031442 or KB5031427 updates respectively.
Download KB5031442
KB5031442 is a cumulative monthly rollup update. It can be installed automatically or through a manual approach.
For automatic patching of the monthly rollup update, you could use one of the following methods:
- Windows Update
- WSUS or Windows Server Update Service
WSUS remains the best method to automatically import and deploy security updates or cumulative updates on Windows Servers. We strongly suggest using WSUS as the preferred method for rolling out updates.
For manual installation, you can download the offline installer file for KB5031442 from the Microsoft Update Catalog site. Alternatively, you can use the direct download links for KB5031442 shared below.
The manual installation process for KB5031442 is a two-step process.
- Download and install Servicing Stack Update KB503146
- Download and install the monthly rollup update KB5031442
For each of these updates, we have shared the download links below.
Download KB5031469
The Servicing Stack Update file for KB5031469 has a size of 10.1 MB. Servicing Stack Updates, upon installation, do not cause the server to reboot.
Download KB5031442
The download links for KB5031442 are shared hereunder.
- Download KB5031442 from the Microsoft Update Catalog site
- Direct download link for cumulative update KB5031442
The size of the offline installer file for KB5031442 is 437.2 MB.
The server will reboot post-installation of the monthly rollup update. So, we do suggest installing the cumulative update as part of an organized change process within the IT infrastructure.
Vulnerabilities
There are 60 security vulnerabilities that have been disclosed for Windows Server 2012 as part of the October 2023 security bulletin released by Microsoft.
There is a single zero-day threat that affects Windows Server 2012. There are 11 CRITICAL threats. We have listed the zero-day threats and all the 11 CRITICAL threats below.
Zero-day vulnerabilities
There is a single zero-day threat that affects Windows Server 2012 and needs to be patched immediately.
Zero-day threats are vulnerabilities that are publicly disclosed. Or, these are the vulnerabilities that have already been exploited by the various threat actors.
The zero-day threat that affects Windows Server 2012 is mentioned below.
| CVE Vulnerability | Severity | CVSS Score | Impact | Comments |
|---|---|---|---|---|
| CVE-2023-36563 | IMPORTANT | 6.5 | Information Disclosure | Exploiting this vulnerability could allow the disclosure of NTLM hashes. |
CRITICAL vulnerabilities
There are 11 security vulnerabilities that have CRITICAL severity levels.
- All these 11 CRITICAL vulnerabilities can cause ‘Remote Code Execution’ attacks.
- These CRITICAL vulnerabilities are either on account of the Microsoft Messaging Queue service or the Layer 2 Tunneling Protocol.
The 11 CRITICAL security vulnerabilities affecting Windows Server 2012 are shared hereunder.
| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2023-35349 | 9.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
| CVE-2023-36697 | 6.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server |
| CVE-2023-41774 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41773 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41771 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41770 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41769 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41768 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41767 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41765 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-38166 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
IIS Vulnerability
There is a CVSS 9.8 vulnerability on the IIS services running on Windows Server 2012. This threat has been shared below.
| CVE Vulnerability | Severity | CVSS Score | Impact | Comments |
|---|---|---|---|---|
| CVE-2023-36434 | IMPORTANT | 9.8 | Elevation of Privileges | In a network-based attack, an attacker could brute force user account passwords to log in as that user. Microsoft suggests using complex or strong passwords to protect against this vulnerability. |
KB5031442 – Changelog
The following changes are part of the KB5031442 monthly rollup update for Windows Server 2012.
- Addresses an issue in which an external bind might fail after Windows updates released on or after May 2023 are installed. This leads to issues with Lightweight Directory Access Protocol (LDAP) queries and authentication.
- Addresses an issue in which the Windows product key installation and Windows activation might fail after installing the September 12, 2023 Windows Server 2012 update.
- This update includes daylight saving time (DST) changes for Greenland. For more information, see the Daylight Saving Time & Time Zone Blog
October 2023 Cumulative or Security Updates
You may also like to refer to the following cumulative updates or security updates released in October 2023:
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.